275 matches found
PYSEC-2019-54
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
CVE-2019-7548
SQLAlchemy 1.2.17 is affected by CVE-2019-7548 and allows SQL Injection when the group_by parameter can be controlled. Connected documents confirm the vulnerable component is SQLAlchemy 1.2.17 and describe the injection via group_by as the root cause. The sources do not provide specific exploit d...
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled. Recent assessments: kevthehermit, April 23, 2020 8:30pm UTC, reported: SQLAlchemy is one of the most popular ORMs for Python / SQL Database interaction. It is heavily used in python web applications with frameworks...
py39-sqlalchemy11 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
py39-sqlalchemy12 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
py39-sqlalchemy10 -- multiple SQL Injection vulnerabilities
21k reports: SQLAlchemy through 1.2.17 and 1.3.x through 1.3.0b2 allows SQL Injection via the order_by parameter. nosecurity reports: SQLAlchemy 1.2.17 has SQL Injection when the group_by parameter can be controlled...
Remote Code Execution (RCE)
sqla-yaml-fixtures is vulnerable to remote code execution (RCE) attacks. The vulnerability exists because the value of fixture_text is supplied to yaml.load without sanitization, allowing RCE attacks...
eve-elastic (=2.6.0), eve-sqlalchemy (>=0.5.0 <=0.7.1) +1 more potentially affected by CVE-2018-8097 via eve (>=0.6.4 <=0.7.10)
eve PYPI version =0.6.4, =0.5.0, =1.0.0, =1.4.0rc2 Source cves: CVE-2018-8097 Source advisory: OSV:GHSA-8JXQ-75RW-FHJ9...
eve-elastic (=2.6.0), eve-sqlalchemy (>=0.5.0 <=0.7.1) +1 more potentially affected by CVE-2018-8097 via eve (>=0.6.4 <=0.7.10)
eve PYPI version =0.6.4, =0.5.0, =1.0.0, =1.4.0rc2 Source cves: CVE-2018-8097 Source advisory: OSV:PYSEC-2018-8...
MLAlchemy Command Execution Vulnerability
MLAlchemy is a Python based open source utility library that converts YAML/JSON to SQLAlchemy SELECT queries. A security vulnerability exists in the YAML parsing functionality of the parse_yaml_query method of the parser.py file in versions of MLAlchemy prior to 0.2.2. An attacker can exploit this...
Oracle: Security Advisory (ELSA-2012-0369)
The remote host is missing an update announced in advisory ELSA-2012-0369...
Moderate: Red Hat Bug Fix Advisory: Red Hat Enterprise Linux OpenStack Platform Bug Fix and Enhancement Advisory
Updated packages that resolve various issues are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 Icehouse for RHEL 6. Red Hat Enterprise Linux OpenStack Platform provides the facilities for building a private or public infrastructure-as-a-service IaaS cloud running on commonly...
[SECURITY] Fedora 19 Update: python-elixir-0.7.1-14.fc19
Elixir is a declarative layer on top of SQLAlchemy. It is a fairly thin wrapper, which provides the ability to define model objects following the Active Record design pattern, and using a DSL syntax similar to that of the Ruby on Rails ActiveRecord system. Elixir does not intend to replace...
[SECURITY] Fedora 20 Update: python-elixir-0.7.1-14.fc20
Elixir is a declarative layer on top of SQLAlchemy. It is a fairly thin wrapper, which provides the ability to define model objects following the Active Record design pattern, and using a DSL syntax similar to that of the Ruby on Rails ActiveRecord system. Elixir does not intend to replace...
Oracle Linux 6 : python-sqlalchemy (ELSA-2012-0369)
The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2012-0369 advisory: 0.5.5-3 - sanitize inputs to limit and offset. Resolves: CVE-2012-0805. Tenable has extracted the preceding description block directly from the Oracle Linux...
Gentoo Security Advisory GLSA 201209-16 (sqlalchemy)
The remote host is missing updates announced in advisory GLSA 201209-16. OpenVAS Vulnerability Test, auto generated from Gentoo's XML based advisory (author: Thomas Reinke)...
Gentoo Security Advisory GLSA 201209-16 (sqlalchemy)
The remote host is missing updates announced in advisory GLSA 201209-16...
GLSA-201209-16 : SQLAlchemy: SQL injection
The remote host is affected by the vulnerability described in GLSA-201209-16 (SQLAlchemy: SQL injection). SQLAlchemy does not properly sanitize input passed from the limit and offset keywords to the select function before using it in an SQL query. Impact: A remote attacker could exploit this...
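The SQLAlchemy entries in this listing (SQL injection through user-controlled group_by and order_by strings, CVE-2019-7548 and the order_by issue in the py39-sqlalchemy entries, plus the older limit/offset problem, CVE-2012-0805 / GLSA 201209-16) are one defect class: a value that shapes the query rather than being data in it, so it cannot be bound as a parameter, and instead gets pasted into the SQL text. The block below is an added example, not code from SQLAlchemy, from any advisory above, or from the projects named; it uses only the standard library's sqlite3 so it runs without SQLAlchemy, and the table, rows, allow-list (ALLOWED_COLUMNS) and probe payload (PROBE_PAYLOAD) are constructed for illustration. It places the vulnerable pattern (a caller string interpolated into ORDER BY, where a CASE expression turns row ordering into a yes/no oracle about another table) beside the hardened form: allow-listed column names and directions for ORDER BY / GROUP BY, and range-checked integers bound as parameters for LIMIT / OFFSET.

```python
import re
import sqlite3

# Assumption: the application only ever sorts or groups by these columns.
ALLOWED_COLUMNS = frozenset({"id", "name", "role"})
ALLOWED_DIRECTIONS = frozenset({"asc", "desc"})

# Constructed boolean-based probe: when the subquery is true the rows come back
# ordered by id, otherwise by name, so the ordering leaks facts about `secrets`.
PROBE_PAYLOAD = "(CASE WHEN (SELECT count(*) FROM secrets) > 0 THEN id ELSE name END)"


class UnsafeParameter(ValueError):
    """Raised when a query-shaping parameter is outside the allow-list."""


def vulnerable_order_clause(user_value: str) -> str:
    # The shape of the bug the advisories describe: a caller-supplied string
    # reaches the SQL text unchanged.
    return f"ORDER BY {user_value}"


def safe_column(user_value: str) -> str:
    """Accept a column name only if it is on the allow-list, and quote it."""
    column = user_value.strip().lower()
    if column not in ALLOWED_COLUMNS:
        raise UnsafeParameter(user_value)
    return f'"{column}"'


def safe_order_clause(user_value: str) -> str:
    """Accept 'column' or 'column asc|desc'; reject anything else."""
    parts = user_value.strip().lower().split()
    if not 1 <= len(parts) <= 2:
        raise UnsafeParameter(user_value)
    direction = parts[1] if len(parts) == 2 else "asc"
    if direction not in ALLOWED_DIRECTIONS:
        raise UnsafeParameter(user_value)
    return f"ORDER BY {safe_column(parts[0])} {direction.upper()}"


def safe_int(user_value, *, minimum=0, maximum=1000) -> int:
    """LIMIT/OFFSET are range-checked integers bound as parameters, never text."""
    if not re.fullmatch(r"[0-9]+", str(user_value)):
        raise UnsafeParameter(user_value)
    number = int(user_value)
    if not minimum <= number <= maximum:
        raise UnsafeParameter(user_value)
    return number


def _connect() -> sqlite3.Connection:
    # Constructed sample schema and rows, held in memory.
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, role TEXT);"
        "INSERT INTO users VALUES (1,'carol','admin'),(2,'alice','user'),(3,'bob','user');"
        "CREATE TABLE secrets(flag TEXT);"
        "INSERT INTO secrets VALUES ('not-for-you');"
    )
    return conn


def list_names_vulnerable(order_by: str) -> list:
    """Interpolates the caller's string straight into the query."""
    conn = _connect()
    rows = conn.execute(f"SELECT name FROM users {vulnerable_order_clause(order_by)}").fetchall()
    conn.close()
    return [row[0] for row in rows]


def list_names_safe(order_by: str, limit="10", offset="0") -> list:
    """Allow-listed ORDER BY; LIMIT/OFFSET passed as bound parameters."""
    clause = safe_order_clause(order_by)          # validate before touching the DB
    params = (safe_int(limit), safe_int(offset))
    conn = _connect()
    rows = conn.execute(f"SELECT name FROM users {clause} LIMIT ? OFFSET ?", params).fetchall()
    conn.close()
    return [row[0] for row in rows]


def count_by_safe(group_by: str) -> dict:
    """Allow-listed GROUP BY; returns {group value: row count}."""
    column = safe_column(group_by)
    conn = _connect()
    rows = conn.execute(f"SELECT {column}, COUNT(*) FROM users GROUP BY {column}").fetchall()
    conn.close()
    return dict(rows)


def is_rejected(func, *args) -> bool:
    """True when the hardened builder refuses the input."""
    try:
        func(*args)
    except UnsafeParameter:
        return True
    return False


if __name__ == "__main__":
    print("vulnerable, probe payload:", list_names_vulnerable(PROBE_PAYLOAD))
    print("vulnerable, plain column: ", list_names_vulnerable("name"))
    print("safe, name asc:           ", list_names_safe("name"))
    print("safe, probe rejected:     ", is_rejected(list_names_safe, PROBE_PAYLOAD))
```

Run stand-alone, the vulnerable path returns the rows in id order for the probe payload (the subquery against `secrets` is true) and in name order for a plain column name, which is exactly the difference an attacker measures; the hardened path raises UnsafeParameter for the payload, for `name; drop table users`, and for a negative or oversized LIMIT. Quoting the allow-listed identifier is belt and braces only; the allow-list is what makes the clause safe, and mapping an opaque request key (`sort=created`) to a server-side column is the cleaner design when the schema should not be exposed at all.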